Windows 7: BLADE: Can it stop drive-by malware?

BLADE (BLock All Drive-by download Exploits), the brainchild of researchers from College of Computing at Georgia Institute of Technology and SRI International, is positioned to help stem the tide of drive-by malware. A big deal according to Dasient.com, the company is tracking over 200 thousand different web-based malware threats.

To spot unsolicited download attempts, BLADE places the following processes in kernel space,

• User-interaction tracking: BLADE uses a screen parser, hardware-event tracer, and a supervisor to track the user’s physical interactions with the web browser, specifically when download authorization is asked for.
• Consent correlation: This process is required by BLADE to distinguish between transparent downloads and those requiring user permission.
• Disk I/O redirection: When BLADE locates un-authorized downloads, it redirects the code to a secure zone. The data is also prevented from loading into memory as an executable.

According to the research paper, almost 19,000 trials have taken place, with zero false positives and zero false negatives. Meaning, BLADE prevented in-the-wild drive-by malware from installing in every case.

I did point out that BLADE will not solve every problem, but it has promise to be a good tool in our security arsenal. If you are interested, check back at the BLADE-Defender.org web site, as BLADE V1.0 (a free research prototype) will be available soon.